Method to de-correlate electric signals emitted by an ic card

ABSTRACT

A method de-correlates the electric signals emitted by an IC Card during computations from the sensitive data involved in such computations. The method includes executing functions introducing respective electric signals which do not involve the sensitive data. Each of the functions is triggered by a timer having a value which is different at each step of executing the functions.

FIELD OF THE INVENTION

The present invention relates to a method to de-correlate electric signals emitted by an IC Card during computations.

BACKGROUND OF THE INVENTION

As known, a method to de-correlate electric signals emitted by an IC Card during computations, and sensitive data involved during such computations, provides the execution of one or more noise functions. The execution of noise functions introduces electric signals to trick or defeat an attack which attempts to detect sensitive data. In fact the attack cannot distinguish between an electric signal involving the sensitive data and a similar electric signal, i.e. a signal with the same power consumption or frequency, introduced by the noise functions.

FIG. 1 is a diagram representing the electric signals s_(a), s_(b), s_(c) emitted by an IC Card during the computations of instructions i₁, i₂, i₃ as a function of the time t. These computations involve sensitive data, for example a cryptographic key used by instruction i₂ to encrypt data. The computation of instruction i₂ may generate an electric signal s_(b) different from the signal emitted by the computations of instructions i₁ and i₃, due to the computational complexity of the cryptographic instruction with respect to other instructions.

FIG. 2 is another diagram representing the same electrical signals s_(a), s_(b), s_(c) emitted by the IC Card for the computations of the instructions i₁, i₂, i₃, as a function of the time t, with the insertion of further electric signals generated by the computation of noise functions f₁, f₂, for example between instructions i₁ and i₂. When the IC Card processes functions f₁, f₂, it emits electric signals s₁, s₂ which are substantially identical to the signal s_(b) of the instruction i₂ involving sensitive data. However, functions f₁, f₂ do not involve sensitive data. Thus, an attack trying to retrieve sensitive data from the electric signals must take into consideration not only the signal s_(b), which is emitted during the effective computation involving sensitive data, but also the similar signals s₁, s₂, which are de-correlated from such sensitive data.

The bottom part of FIG. 2 schematically represents the implementation of the method to de-correlate electric signals according to the prior art. A timer TMR, for example counting 20 usec, is started. When the timer TMR is decreased to 0, i.e. when the 20 usec have lapsed (as indicated with a in FIG. 2), a noise function f₁, f₂ may be triggered. Then the timer TMR is reset to count the following 20 usec, after which, at point b of FIG. 2, another noise function f₁, f₂ may be triggered. In FIG. 2, the timer TMR is reset 8 times (indicated from a to h) and two noise functions f₁, f₂ are triggered between instructions i₁ and i₂. In other words, the noise functions f₁, f₂ may be randomly triggered or not triggered when the timer TMR is reset.

Even if this method is advantageous because it allows the random insertion of noise functions f₁, f₂, it is limited by the fact that such functions may be inserted only at predetermined times, which are determined by the timer reset. In other words, again with reference to FIG. 2, the functions f₁, f₂ may be inserted each time the timer TMR is reset, i.e. in each of the points a-h, in one of such points a-h, or in more than one point, for example in a and b, as represented in FIG. 2. However, the noise functions cannot be triggered at a time between the points, for example between a and b.

Thus, an attacker may try to identify all the possible insertion patterns of noise functions triggered by the timer reset and ignore the corresponding electric signals, because they are associated with the noise functions and thus do not involve the sensitive data.

SUMMARY OF THE INVENTION

The aim at the base of the present invention is to avoid the detectability of the times at which electric signals may be introduced by the execution of noise functions, in order to improve the de-correlation of the electric signals emitted by such an IC Card during computations from the sensitive data involved in such computations, thus overcoming the limitations that currently affect the prior art.

The approach at the base of the present invention is to provide a timer for the IC Card having a value which is different at each reset of the timer, therefore avoiding the determination of insertion patterns of the noise functions which are inserted to generate electric signals de-correlated from the sensitive data of the IC Card.

According to the approach given above, the present invention includes a method to de-correlate electric signals s_(a), s_(b), s_(c) emitted by an IC Card during computations and sensitive data involved during such computations, the method comprising the step of executing functions introducing respective electric signals s₁, s₂, . . . , s_(n) which do not involve the sensitive data. The execution of each function is triggered by a timer having a value t_(rand) which is different at each execution step.

More particularly, at each timer reset, the functions to be inserted are randomly selected from among a plurality of noise functions stored in the IC Card. According to an aspect, at one or more timer resets during the computation, no noise function is inserted. Advantageously, several executions of the computations involving the sensitive data, forced by an attack, may not be able to identify the insertion patterns of the noise functions introduced for de-correlation, since such functions may be triggered at any time and they do not correspond to an insertion pattern.

Advantageously, the insertion pattern of the noise functions after an execution of the entire computation involving the sensitive data is substantially unrepeatable.

At each step of executing the functions, the value t_(rand) of the timer is randomly selected between an upper timer value t_(upper) and a lower timer value t_(lower) which are determined by the IC Card for completing the computation involving sensitive data within a predetermined time limit T_(max). Advantageously, the timer value, and thus the number of executions of noise functions within the computation, are adaptively processed by the IC Card to comply with standards for IC Cards specifying time limits for the completion of cryptographic computations.

The upper timer value t_(upper) and the lower timer value t_(lower) are associated with an average execution time t_(pm) of the portions into which the computations involving sensitive data are divided, i.e. an average execution time t_(pm) of the portions of the computations included between two consecutive executions of the noise functions.

More particularly, the average execution time t_(pmu) of the portions into which the computations would be divided by setting the timer value t_(rand) to the upper timer value t_(upper) is processed by the IC Card by dividing the execution time t_(m) of the computations by a number N₁ of executions of said noise functions. The number N₁ allows the completion of the computations in a predetermined time T₁ > t_(m). This time value T₁ is stored inside the IC Card and is lower than the predetermined time limit T_(max). The execution time t_(m) of the computations is processed by executing the computations without insertion of noise functions and measuring the respective execution time t_(m).

According to an aspect, the number N₁ of executions of the noise functions to complete the computations (together with the insertion of noise functions) in the predetermined time T₁ is processed by subtracting, from such predetermined time value T₁, the execution time t_(m) of the computations, and dividing the resulting difference by an average execution time t_(f) of the noise functions. More particularly, the average execution time t_(f) of the noise functions is stored in the IC Card and is processed by executing each function f₁ . . . f_(n), measuring the respective execution times and dividing the sum of the execution times by the number n of noise functions.

Advantageously, the average execution time t_(pmu) of the portions, the upper timer value t_(upper) and the number N₁ of executions of noise functions are automatically processed by the IC Card, based on the predetermined time value T₁, the execution time t_(m) of the computations, and the average execution time t_(f) of the noise functions.

Similarly, the average execution time t_(pml) of the portions associated with the lower timer value t_(lower) is processed by dividing the execution time t_(m) of the computations by a number N_(max) of executions of the noise functions to complete the computations in the predetermined time T_(max) > t_(m), with T_(max) > T₁. T_(max) is stored in the IC Card and complies with standard specifications.

Also the number N_(max) of executions of the noise functions to complete the computations in the predetermined time T_(max) is processed by subtracting, from the predetermined time value T_(max), the execution time t_(m) of the computations, and dividing the resulting difference by the average execution time t_(f) of the functions. Advantageously, the average execution time t_(pml) of the portions, the lower timer value t_(lower) and the number N_(max) of executions of noise functions are automatically processed by the IC Card, based on the predetermined time value T_(max). Also the execution time t_(m) of the computations and the average execution time t_(f) of the noise functions are automatically processed by the IC Card.

Thus, given T₁ and T_(max), the IC Card may process a range of time values from which to select different values of the timer at each timer reset. In a preferred embodiment, the upper timer value t_(upper) is processed with the formula

$t_{upper} = t_{pmu} \cdot f_{clock}$

and the lower timer value t_(lower) is processed with the formula

$t_{lower} = t_{pml} \cdot f_{clock}$

wherein t_(pmu) is the average execution time of the portions associated with the upper timer value, t_(pml) is the average execution time of the portions associated with the lower timer value and f_(clock) is the frequency of a clock of the IC Card.

According to an aspect of the invention, the clock frequency f_(clock) is a fixed value and the upper timer value t_(upper) and the lower timer value t_(lower) are fixed bounds for the timer. In this respect, the clock frequency indicated in the datasheet of the chip is selected as the fixed value.

According to another aspect of the invention, the clock frequency f_(clock) is adjusted during the IC Card lifetime, preferably according to the following method. The IC Card requests from the handset at least two commands carrying respective time stamps t_(s1) and t_(s2). At the reception of the first command, the IC Card starts an internal timer. The IC Card knows how many clock cycles n_(clk1) elapse from the receipt of the first command until the internal timer starts; i.e. the timer starts at T₁ = t_(s1) + t_(e1), where t_(e1) = n_(clk1)/f_(clk). The internal timer value V₁ at T₁ is also known. At the reception of the second command, the IC Card reads the value V₂ of the internal timer, knowing the number of clock cycles n_(clk2) elapsed from the receipt of the second command until the internal timer is read. By means of the following computation, the IC Card processes the average value of its internal clock frequency:

$f_{clk} = \frac{V_2 - V_1 + n_{clk1} - n_{clk2}}{t_{s2} - t_{s1}}$

where

$T_1 = t_{s1} + n_{clk1}/f_{clk}$,

$T_2 = t_{s2} + n_{clk2}/f_{clk}$,

$T_2 - T_1 = (V_2 - V_1)/f_{clk}$

$t_{s2} - t_{s1} + (n_{clk2} - n_{clk1})/f_{clk} = (V_2 - V_1)/f_{clk}$

from which

$f_{clk} = \frac{V_2 - V_1 + n_{clk1} - n_{clk2}}{t_{s2} - t_{s1}}$

This allows adaptation of the upper and lower bounds of the timer, for example depending on the processed clock frequency f_(clk), which may decrease due to usage.
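The calibration above, carried through in C as an added example that is not part of the patent: the two-command exchange with the handset is reduced to its inputs (the two time stamps, the cycle counts n_(clk1) and n_(clk2), the timer readings V₁ and V₂), the frequency is recovered with the formula just derived, and the result is then used to rescale a timer bound as t_(upper) = t_(pmu) · f_(clock). The sample values (a card whose datasheet clock is 4.00 MHz but which actually runs at 3.96 MHz, a 100 usec portion length) are constructed for illustration; V₂ is built backwards from the true frequency so the round is self-consistent.

```c
#include <stdint.h>
#include <stdio.h>

/* One calibration round. t_s1, t_s2: time stamps (seconds) carried by two
 * commands from the handset. n_clk1: clock cycles the card counted between
 * receiving the first command and starting its internal timer. n_clk2:
 * cycles between receiving the second command and reading the timer.
 * V1, V2: internal timer values at those two instants. */
typedef struct {
    double   t_s1, t_s2;
    uint32_t n_clk1, n_clk2;
    uint32_t V1, V2;
} calib_t;

/* f_clk = (V2 - V1 + n_clk1 - n_clk2) / (t_s2 - t_s1), in Hz.
 * Widening to double before subtracting avoids unsigned wrap-around. */
double estimate_clock(const calib_t *c) {
    double ticks = (double)c->V2 - (double)c->V1
                 + (double)c->n_clk1 - (double)c->n_clk2;
    return ticks / (c->t_s2 - c->t_s1);
}

/* Timer bound in clock ticks for an average portion length t_pm (seconds):
 * t_upper = t_pmu * f_clock, t_lower = t_pml * f_clock, rounded to nearest. */
uint32_t timer_bound(double t_pm, double f_clk) {
    return (uint32_t)(t_pm * f_clk + 0.5);
}

/* Constructed sample (assumption, not a measured card): the stored datasheet
 * value is 4.00 MHz, the clock really runs at 3.96 MHz. V2 was built as
 * V1 + 3.96e6 * (t_s2 - t_s1) + n_clk2 - n_clk1 = 5000 + 7920000 + 190. */
calib_t sample_round(void) {
    calib_t c = { 0.0, 2.0, 120, 310, 5000, 7925190 };
    return c;
}

int main(void) {
    calib_t c = sample_round();
    double f_datasheet = 4.0e6;
    double f_measured  = estimate_clock(&c);
    double t_pmu = 100e-6;  /* assumed average portion length: 100 usec */
    printf("measured f_clk = %.0f Hz\n", f_measured);
    printf("t_upper: %u ticks with datasheet clock, %u ticks after calibration\n",
           (unsigned)timer_bound(t_pmu, f_datasheet),
           (unsigned)timer_bound(t_pmu, f_measured));
    return 0;
}
```

With these inputs the estimate comes out at exactly 3,960,000 Hz and the 100 usec portion maps to 396 ticks instead of the 400 the datasheet value would give. Note that the estimate is only as good as the handset's time stamps: a deployment would compare the result against the datasheet value and reject implausible estimates rather than letting an arbitrary value drive the timer bounds (this sanity check is practitioner advice, not something the patent text specifies).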

The issues mentioned above are also addressed by an IC Card including circuitry to de-correlate electric signals s_(a), s_(b), s_(c) emitted during computations and sensitive data involved in such computations, comprising functions to be executed for introducing respective electric signals s₁, s₂, . . . , s_(n) not involving the sensitive data. The IC Card comprises a timer with a time value t_(rand) which is different for each triggering of the functions.

BRIEF DESCRIPTION OF THE DRAWINGS

Further advantages and features of the method to de-correlate and the corresponding IC Card according to the present invention will be apparent from the following description and the drawings, given only for exemplificative purposes and without limiting the scope of the present invention.

FIG. 1 represents a diagram of the electric signals, emitted by an IC Card during computation, as a function of time, according to the method of the prior art.

FIG. 2 represents a diagram with the electric signals of FIG. 1 and further electric signals introduced by noise functions, according to the method of the prior art.

FIG. 3 represents a diagram of the electric signals, emitted by an IC Card during computations involving sensitive data, and noise functions, according to the method of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

With reference to FIG. 3, electrical signals s_(a), s_(b), s_(c) emitted by an IC Card for the computations of instructions i₁, i₂, i₃ are represented as a function of the time t. The computations involve sensitive data, for example a cryptographic key used by instruction i₂ to encrypt data. More particularly, the computation of instruction i₂ may generate an electric signal s_(b) different from the signal emitted by the computations of instructions i₁ and i₃, due to the computational complexity of the cryptographic instruction with respect to the instructions i₁, i₃. Thus, in order to de-correlate the electric signal s_(b) from the sensitive data involved in the instruction i₂, further electric signals s₁, s₂, s₃ are inserted. Such signals s₁, s₂, s₃ are emitted by the IC Card during the computation of noise functions f₁, f₄, f₅ not involving sensitive data, for example inserted between instructions i₁ and i₂.

According to the method of the invention, each function f₁, f₄, f₅ is triggered by a timer TMR having a time value t_(rand) which is reset to a different value at each step of executing the functions f₁, f₄, f₅. FIG. 3 schematically represents an execution of the method of the present invention: at time t=0, the timer TMR is set to a value of 30 usec and, after it has counted 30 usec, it triggers the function f₁, with the emission from the IC Card of an electrical signal s₁ substantially similar to the electric signal s_(b) emitted for the execution of instruction i₂.

Before time a, i.e. when the timer is reset, the IC Card processes another value for the timer TMR, for example 13 usec. Thus, the timer is reset and decreased from 13 usec to 0 (point b), when it may trigger another noise function f₄. Then it is reset by the IC Card to another value of 42 usec, processed by the IC Card. As described above, the timer TMR is again decreased and, at point c, it may trigger a third noise function f₅, and it is reset to another value of 15 usec. Before the execution of the instruction i₂ involving sensitive data, the timer TMR is reset two more times, respectively to values of 5 usec and 18 usec, but in these cases it does not trigger any noise function.

More particularly, according to a preferred embodiment, the noise functions may be randomly triggered or not triggered by the timer TMR. In this respect, also between the execution of instructions i₂ and i₃, the timer is reset to a value of 39 usec and it does not trigger a noise function.

Advantageously, if the same computation i₁, i₂, i₃ described above is repeated a plurality of times, the insertion pattern of noise functions is not repeated, since the values for the timer are different. For instance, repeating the execution of i₁, i₂, i₃, the timer might be set for the first time, i.e. at t=0, to 8 usec, for a second time to 5 msec and for a third time to 50 usec. This means that, differently from the first execution of the computations i₁, i₂, i₃, the timer is reset three times between instructions i₁ and i₂, allowing an insertion pattern of noise functions completely different from that of the first execution of the computation i₁, i₂, i₃.

According to an aspect, the execution time t_(m) of the computation is prolonged as much as possible, within a predetermined time limit T_(max). In this respect, the smaller the values of the timer TMR, the larger the number of portions into which the computation is divided, due to the insertion of more noise functions. Thus, the method of this invention processes a maximum number N_(max) of insertions of noise functions which may be introduced to complete the computation within the predetermined time limit T_(max), another number N₁ of insertions of noise functions which may be introduced to complete the computation within another predetermined time limit T₁, with T₁ < T_(max), and processes a lower timer value and an upper timer value to be used for selecting the timer value t_(rand).

In this respect, let t_(fi) be the time for executing a noise function f_(i); the sum of the execution times of all the noise functions is $\sum_i t_{fi}$.

$\sum_i t_{fi}$ should be such that

$\sum_i t_{fi} + t_m < T_{max}$  (1)

i.e. the execution time of the computation of i₁, i₂, i₃ with the insertion of noise functions should be less than the predetermined time value T_(max).

If N₁ noise functions are executed, the expression (1) may be written as:

$N_1 \cdot t_f + t_m < T_{max}$  (2)

where t_(f) is the average execution time of the noise functions, or as:

$N_1 \cdot t_f + t_m = T_1$  (3)

where T₁<T_(max).

From (3), the number N₁ of noise functions to be executed to maintain the execution time of the computations, together with the insertion of noise functions, within the predetermined time limit T₁ may be calculated as

$N_1 = \frac{T_1 - t_m}{t_f}$  (4)

This number N₁ also corresponds to the number of portions into which the computation on sensitive data is divided by the insertion of N₁ noise functions.

Thus, the average execution time t_(pmu) of said N₁ portions is

$t_{pmu} = \frac{t_m}{N_1}$  (5)

From (5), an upper timer value may be processed inside the IC Card as

$t_{upper} = t_{pmu} \cdot f_{clock}$,

where f_(clock) is the frequency of the clock of the IC Card. A value of the clock frequency is stored inside the IC Card.

Similarly, substituting T₁ with T_(max) in (3), a lower timer value may be processed inside the IC Card, starting from:

$N_{max} \cdot t_f + t_m = T_{max}$  (3a)

From (3a), the number N_(max) of noise functions to be executed to maintain the execution time of the computations, together with the insertion of N_(max) noise functions, within the time limit T_(max) may be calculated as

$N_{max} = \frac{T_{max} - t_m}{t_f}$  (4a)

This number N_(max) also corresponds to the number N_(max) of portions into which the computation on sensitive data is divided, due to the insertion of N_(max) noise functions, to stay within the predetermined time limit T_(max).

Thus, the average execution time t_(pml) of the portions is

$t_{pml} = \frac{t_m}{N_{max}}$  (5a)

From (5a), a lower timer value may be processed inside the IC Card as

$t_{lower} = t_{pml} \cdot f_{clock}$.
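The parameter derivation in (1) to (5a), and the timer schedule of FIG. 3 that uses its result, carried through in C as an added example that is not part of the patent (it also serves the summary of the same computation given earlier under "Thus, given T₁ and T_(max)"). The card is modelled by its measured quantities t_(m) and t_(f), the stored budgets T₁ and T_(max), and the stored f_(clock); the bounds are computed exactly as in (4), (4a), (5), (5a) and t_(upper) = t_(pmu) · f_(clock), t_(lower) = t_(pml) · f_(clock), and a run is then simulated in which every timer expiry reloads a fresh t_(rand) in [t_(lower), t_(upper)] and triggers or skips a noise function at random. All parameter values (T₁ = 20 ms, T_(max) = 30 ms, t_(m) = 10 ms, t_(f) = 100 usec, 4 MHz clock), the 1/2 trigger probability and the xorshift32 generator are assumptions for illustration; a real card would draw from its hardware RNG.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed parameters (assumptions, not measured on any real card).
 * Times are in microseconds, f_clock in Hz. A card measures t_m by running
 * the computation once without noise, and t_f by timing each noise function. */
typedef struct {
    double T1;      /* desired completion time, T1 < T_max              */
    double T_max;   /* hard completion limit the card must respect      */
    double t_m;     /* execution time of the computation without noise  */
    double t_f;     /* average execution time of one noise function     */
    double f_clock; /* clock frequency stored in the card               */
} params_t;

typedef struct {
    double N1, N_max;          /* insertions that fill T1 / T_max: (4), (4a) */
    double t_pmu, t_pml;       /* average portion lengths: (5), (5a)         */
    uint32_t t_upper, t_lower; /* timer bounds in clock ticks                */
} bounds_t;

params_t example_params(void) {
    params_t p = { 20000.0, 30000.0, 10000.0, 100.0, 4.0e6 };
    return p;
}

/* Microseconds to clock ticks; round_up gives the ceiling, used for
 * t_lower so that truncation never pushes the bound below t_pml. */
static uint32_t to_ticks(double us, double f_clock, int round_up) {
    double v = us * f_clock / 1e6;
    uint32_t t = (uint32_t)v;
    if (round_up && (double)t < v) t++;
    return t;
}

bounds_t compute_bounds(const params_t *p) {
    bounds_t b;
    b.N1    = (p->T1    - p->t_m) / p->t_f;        /* (4)  */
    b.N_max = (p->T_max - p->t_m) / p->t_f;        /* (4a) */
    b.t_pmu = p->t_m / b.N1;                       /* (5)  */
    b.t_pml = p->t_m / b.N_max;                    /* (5a) */
    b.t_upper = to_ticks(b.t_pmu, p->f_clock, 0);  /* t_upper = t_pmu * f_clock */
    b.t_lower = to_ticks(b.t_pml, p->f_clock, 1);  /* t_lower = t_pml * f_clock */
    return b;
}

/* Worst case for the time limit: every expiry uses t_lower and every
 * expiry triggers a noise function. The result must not exceed T_max. */
double worst_case_total(const params_t *p, const bounds_t *b) {
    uint32_t comp_ticks = to_ticks(p->t_m, p->f_clock, 1);
    return p->t_m + (double)(comp_ticks / b->t_lower) * p->t_f;
}

/* xorshift32 keeps the example deterministic and self-contained; a real
 * card would draw t_rand and the trigger decision from its hardware RNG. */
static uint32_t xorshift32(uint32_t *s) {
    uint32_t x = *s;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return *s = x;
}

#define MAX_TRIGGERS 256
typedef struct {
    double total_time;          /* computation plus inserted noise, us   */
    int noise_count;            /* noise functions actually executed     */
    uint32_t at[MAX_TRIGGERS];  /* computation tick at each insertion    */
} run_t;

/* One execution of the protected computation: at every timer expiry the
 * timer is reloaded with a fresh t_rand in [t_lower, t_upper] and a noise
 * function is executed or skipped at random, as FIG. 3 describes. */
run_t simulate_run(const params_t *p, const bounds_t *b, uint32_t seed) {
    run_t r = { 0.0, 0, { 0 } };
    uint32_t s = seed, span = b->t_upper - b->t_lower + 1;
    uint32_t comp_ticks = to_ticks(p->t_m, p->f_clock, 1), elapsed = 0;
    while (elapsed < comp_ticks) {
        uint32_t t_rand = b->t_lower + xorshift32(&s) % span; /* modulo bias tolerated here */
        elapsed += t_rand;
        if (elapsed >= comp_ticks) break;  /* computation finished before expiry */
        if (xorshift32(&s) & 1u) {         /* trigger or skip a noise function  */
            if (r.noise_count < MAX_TRIGGERS) r.at[r.noise_count] = elapsed;
            r.noise_count++;
        }
    }
    r.total_time = p->t_m + r.noise_count * p->t_f;
    return r;
}

/* Two runs share an insertion pattern only if every trigger position matches. */
int same_pattern(const run_t *a, const run_t *b) {
    if (a->noise_count != b->noise_count) return 0;
    for (int i = 0; i < a->noise_count && i < MAX_TRIGGERS; i++)
        if (a->at[i] != b->at[i]) return 0;
    return 1;
}

int main(void) {
    params_t p = example_params();
    bounds_t b = compute_bounds(&p);
    run_t r1 = simulate_run(&p, &b, 0x12345678u), r2 = simulate_run(&p, &b, 0x9abcdef1u);
    printf("N1=%.0f N_max=%.0f t_upper=%u t_lower=%u ticks\n",
           b.N1, b.N_max, (unsigned)b.t_upper, (unsigned)b.t_lower);
    printf("worst case %.0f us (limit %.0f us)\n", worst_case_total(&p, &b), p.T_max);
    printf("run1: %d insertions, %.0f us; run2: %d insertions; same pattern: %d\n",
           r1.noise_count, r1.total_time, r2.noise_count, same_pattern(&r1, &r2));
    return 0;
}
```

With these numbers N₁ = 100, N_(max) = 200, t_(upper) = 400 ticks (100 usec) and t_(lower) = 200 ticks (50 usec). If every expiry at t_(upper) triggered a noise function the run would land exactly on T₁; even the worst case of every expiry at t_(lower) triggering lands on T_(max), which is the property the two bounds are designed to give. That worst-case check is what a practitioner should evaluate when the parameters are chosen, since the random draw alone guarantees nothing about the limit; the second run with a different seed shows the insertion positions changing from one execution to the next.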

Advantageously, several executions of the computations involving the sensitive data, forced by a possible attack, cannot identify insertion patterns of the noise functions introduced for de-correlation, since such functions may be triggered at any time and they do not correspond to any insertion pattern. Moreover, the insertion pattern of the noise functions after an execution of the entire computation involving the sensitive data is substantially unrepeatable.

Advantageously, the timer values, and thus the number of executions of the noise functions within the computation, are calculated by the IC Card to comply with ISO standards, maintaining the total execution time of the computation, including the execution time of the inserted noise functions, within the predetermined time limits.

Advantageously, the average execution time t_(pmu) of the portions to be inserted for completing the computations within a predetermined time limit T₁, the upper timer value t_(upper) and the number N₁ of executions of noise functions are automatically processed by the IC Card, based on the predetermined time value T₁. Also the execution time t_(m) of the computations and the average execution time t_(f) of the noise functions are automatically processed by the IC Card.

Advantageously, the average execution time t_(pml) of the portions associated with the lower timer value t_(lower) is processed by dividing the execution time t_(m) of the computations by a number N_(max) of executions of the noise functions to complete the computations in the predetermined time T_(max) > t_(m), with T_(max) > T₁.

1-11. (canceled)
 12. A method to de-correlate electric signals emitted by an IC Card during computations and sensitive data involved with the computations, the method comprising: executing functions introducing respective electric signals, which do not involve the sensitive data; each execution of the functions being triggered based upon a timer having a value which is different at each execution of the functions, such that time intervals between executions of the functions are different.
 13. A method according to claim 12, wherein, at each execution of the functions, the value is randomly selected between an upper timer value and a lower timer value which are determined by the IC Card to complete the computations involving sensitive data within a desired time limit.
 14. A method according to claim 13, wherein the upper timer value and the lower timer value are associated with an average execution time of portions of the computations involving sensitive data included between consecutive executions of the functions.
 15. A method according to claim 14, wherein the average execution time of the portions associated with the upper timer value is processed by dividing an execution time of the computations by a number of executions of the functions to complete the computations in a desired time stored in the IC Card.
 16. A method according to claim 15, wherein the number of executions of the functions to complete the computations in the desired time is processed by subtracting, from the desired time, the execution time of the computations and dividing a resulting difference with an average execution time of the functions.
 17. A method according to claim 14, wherein the average execution time of the portions associated with the lower timer value is processed by dividing an execution time of the computations by a number of executions of the functions to complete the computations in a desired time stored in the IC Card.
 18. A method according to claim 14, wherein the upper timer value and the lower timer value are processed, respectively, as t_(upper)=t_(pmu)*f_(clock), and t_(lower)=t_(pml)*f_(clock), wherein t_(pmu) is the average execution time of the portions associated with the upper timer value, t_(pml) is the average execution time of the portions associated with the lower timer value, and f_(clock) is a frequency of a clock of the IC Card.
 19. A method according to claim 18, wherein the clock frequency is a fixed value and the upper timer value and the lower timer value are fixed values for the timer.
 20. A method according to claim 18, wherein the clock frequency is adjusted as f_(clk)=(V₂−V₁+n_(clk1)−n_(clk2))/(t_(s2)−t_(s1)), where t_(s2), t_(s1) are time stamps received by the IC Card from a handset, n_(clk1) and n_(clk2) are numbers of clock cycles occurring from receipt of the time stamps until, respectively, a start of an internal timer of the IC Card and a reading of a value thereof, and V₂, V₁ are values of the internal timer at time T₁=t_(s1)+n_(clk1)/f_(clk), and T₂=t_(s2)+n_(clk2)/f_(clk).
 21. A method to de-correlate electric signals emitted by an IC Card during computations and sensitive data involved with the computations, the method comprising: executing functions introducing respective electric signals, which do not involve the sensitive data; each execution of the functions being triggered based upon a timer having a value which is different at each execution of the functions, such that time intervals between executions of the functions are different; at each execution of the functions, the value of the timer being randomly selected between an upper timer value and a lower timer value which are determined by the IC Card to complete the computations involving sensitive data within a desired time limit, at least one of the upper timer value and the lower timer value being associated with an average execution time of portions of the computations involving sensitive data included between consecutive executions of the functions.
 22. A method according to claim 21, wherein the average execution time of the portions associated with the upper timer value is processed by dividing an execution time of the computations by a number of executions of the functions to complete the computations in a desired time stored in the IC Card.
 23. A method according to claim 22, wherein the number of executions of the functions to complete the computations in the desired time is processed by subtracting, from the desired time, the execution time of the computations and dividing a resulting difference with an average execution time of the functions.
 24. An IC card comprising: a processor configured to perform computations involving sensitive data and to emit electric signals based thereupon; and a timer; said processor also coupled to said timer and configured to de-correlate the electric signals by executing functions introducing respective electric signals, which do not involve the sensitive data, each execution of the functions being triggered based upon the timer having a value which is different at each execution of the functions, such that time intervals between executions of the functions are different.
 25. An IC Card according to claim 24, wherein said processor is configured such that at each execution of the functions, the value of the timer is randomly selected between an upper timer value and a lower timer value which are determined by the IC Card to complete the computations involving sensitive data within a desired time limit.
 26. An IC Card according to claim 25, wherein said processor is configured such that the upper timer value and the lower timer value are associated with an average execution time of portions of the computations involving sensitive data included between consecutive executions of the functions.
 27. An IC Card according to claim 26, wherein said processor is configured such that the average execution time of the portions associated with the upper timer value is processed by dividing an execution time of the computations by a number of executions of the functions to complete the computations in a desired time stored in the IC Card.
 28. An IC Card according to claim 27, wherein said processor is configured such that the number of executions of the functions to complete the computations in the desired time is processed by subtracting, from the desired time, the execution time of the computations and dividing a resulting difference with an average execution time of said functions.
 29. An IC Card according to claim 26, wherein said processor is configured such that the average execution time of the portions associated with the lower timer value is processed by dividing an execution time of the computations by a number of executions of the functions to complete the computations in a desired time stored in the IC Card.
 30. An IC Card according to claim 27, wherein said processor is configured such that the number of executions of the functions to complete the computations in the desired time is processed by subtracting, from the desired time, the execution time of the computations, and dividing a resulting difference with an average execution time of the functions. 